Acceptable Use Policy

  • Not allowed

    • Sending unsolicited mass emails

    • Hosting or distributing harmful content

  • Allowed with restrictions

    • Penetration testing is allowed but only for a list of specific services

Shared responsibility model

Security and compliance is a shared responsibility between AWS and the customer.

AWS is responsible for the security OF the cloud and the customer is responsible for security IN the cloud.

  • AWS Responsibility

    • Access & Training of Amazon employees

    • Global datacenters and network

    • hardware

    • configuration management for infrastructure

    • patching of cloud infrastructure and services

  • Customer Responsibility

    • individual access to cloud resources and training -> give least privileged access

    • data security and encryption (both in transit and at rest)

    • operating system, network and firewall configuration

    • all code deployed onto cloud infrastructure

    • patching guest OS and custom applications

AWS Well-architected Framework

Best practices across five pillars for how to create systems that create business value.

  • Operational Excellence: Running and monitoring systems for business value

  • Security: Protecting information and business assets

  • Reliability: Enabling infrastructure to recover from disruptions

    • High-availability: Keep the entire solution running despite issues

    • Fault tolerance: Support failure of components. Some services can be used to provide fault tolerance for custom applications:

      • SQS (Simple Queue Service)

      • Route 53

  • Performance Efficiency: Using only the resources that are needed (efficiently)

  • Cost Optimisation: Achieving minimal costs for the desired value


Examples for common compliance standards are PCI-DSS, HIPAA, SOC 1-3, etc.

AWS Config provides some conformance packs for standards.

AWS Artifact provides self-service access to reports.

Amazon GuardDuty provides intelligent threat detection.

Last updated